WO2000067256A1 - Registering copy protected material in a check-out, check-in system - Google Patents

Registering copy protected material in a check-out, check-in system Download PDF

Info

Publication number
WO2000067256A1
WO2000067256A1 PCT/EP2000/003801 EP0003801W WO0067256A1 WO 2000067256 A1 WO2000067256 A1 WO 2000067256A1 EP 0003801 W EP0003801 W EP 0003801W WO 0067256 A1 WO0067256 A1 WO 0067256A1
Authority
WO
WIPO (PCT)
Prior art keywords
check
receiving device
content material
security
copy
Prior art date
Application number
PCT/EP2000/003801
Other languages
French (fr)
Inventor
Michael A. Epstein
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to DE2000626137 priority Critical patent/DE60026137T2/en
Priority to EP00918895A priority patent/EP1092220B1/en
Priority to JP2000616018A priority patent/JP2003522349A/en
Publication of WO2000067256A1 publication Critical patent/WO2000067256A1/en

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • G11B20/00789Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of functional copies, which can be accessed at a time, e.g. electronic bookshelf concept, virtual library, video rentals or check-in/check out
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008Public Key, Asymmetric Key, Asymmetric Encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/10Digital recording or reproducing
    • G11B2020/10833Copying or moving data from one record carrier to another
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/10Digital recording or reproducing
    • G11B2020/10935Digital recording or reproducing wherein a time constraint must be met

Definitions

  • This invention relates to the field of consumer devices, and in particular to techniques for preventing or discouraging the illicit duplication of copy protected material.
  • flash memory cards to record content material for playback on small portable devices.
  • flash memory cards or similar electronic memory devices, have an advantage over conventional recording media such as discs or tapes, in that they contain no moving parts and are thus more reliable and robust.
  • the playback devices for these memory cards need not contain movement mechanisms and are therefore also more reliable, robust, and, in general, less expensive than conventional players.
  • the electronic memory devices and corresponding players are also generally much smaller than conventional discs or tapes and corresponding players, and generally consume less power, further increasing their suitability for use as portable playback systems.
  • check-out/check-in One method for limiting the ability to copy the content material is a "checkout/check-in" system.
  • the copying and playback devices are “conforming" devices, in that they conform to the standards used to protect copy-protected material.
  • the conforming providing device prevents additional copies from being made until the portable medium containing the copy is returned to the providing device. That is, the check-out/check-in system provides a "one-at-a-time", or an "at-most-N-at-a-time", copy scheme to limit the number of simultaneously available copies of protected content material.
  • a check-out/check-in system is susceptible to a variety of attacks intended to overcome the security provided by a check-out/check-in system.
  • the most straightforward attack is one in which a non-conforming device is used to receive the material. After receiving the material, the non-conforming device provides unlimited copies.
  • Another attack is one in which a non- conforming device "checks-in" material that another device received.
  • a conforming device can receive/check-out the material, the non-conforming can "check-in” the material, and another conforming device can then receive the material, because the check-out/check-in system believes that the other copy has been returned. In this manner, an unlimited number of copies can be made to conforming devices, such as the aforementioned flash memory cards.
  • the verification of the receiving device is effected via a conventional certification process.
  • the verification that the same device is used for check-in and check-out is effected via a secure challenge-response protocol.
  • the system provides a unique challenge that is specific to the receiving device when the content material is checked-out, and verifies the appropriate response when the content material is checked-in. Because the challenge- response is specific to the receiving device, only the device that receives the challenge when the content material is checked-out can provide the appropriate response when the content material is checked-in.
  • Fig. 1 illustrates an example block diagram of a check-out/check-in system in accordance with this invention.
  • Fig. 2 illustrates an example flow diagram of a check-out/check-in system in accordance with this invention.
  • This invention is based on the premise that a reliable check-in/check-out system has two fundamental requirements.
  • a reliable check-in/check-out system requires a reliable means of verifying that the receiving device is a certified conforming-device. Otherwise, the copy provided to a potentially non-conforming device may be illicitly reproduced, thereby obviating the copy protection provided by a check-out/check-in system.
  • the system requires a reliable means of verifying that the checked-in material is being returned from the same certified conforming-device that initially checked-out the material. Otherwise, a non-conforming device can be used to 'check-in' material that another device, including a conforming device, received.
  • Other security techniques common in the art, may also be applied, for increased copy and distribution protection.
  • Fig. 1 illustrates an example block diagram of a check-out/check-in system in accordance with this invention.
  • the check-out/check-in system includes a check-out/check-in device 100 and a receiving device 200.
  • the check-out/check-in device includes a catalog controller 110 that controls access to a catalog of content material 150 to certified receiving devices.
  • the controller 110 limits the number of copies of each content material 150 that are simultaneously available. In a preferred embodiment, the controller 110 maintains a count of the number of copies of the content material 150 that have been provided to, or "checked- out" to, certified receiving devices, and refuses to provide additional copies when a predefined limit is reached.
  • the check-out/check-in system allows a receiving device 200 to "return", or “check-in” a copy of the content material 150, so that it can be provided to another receiving device.
  • the receiving device 200 is presumed to be a conforming device, and a "return" of the material 150 corresponds to a termination of access to the copy of the content material 150 by the receiving device 200, and the "return” is a notification to the check-out/check-in device 100 that the receiving device 200 has terminated the access.
  • the check-out/check-in device 100 decrements the count of the number of copies of the content material 150 that have been provided to receiving devices, thereby allowing another copy of the content material 150 to be provided to a certified receiving device.
  • a conforming receiving device 200 includes a "certificate" 211 that is issued by a trusted authority to certify that the receiving device is a device that is configured to conform to standards that have been established to protect copy protected content material.
  • This certificate 21 1 typically includes a public key of a public-private key pair that is associated with the receiving device 200, the identity of the receiving device, and a digital signature based on a private key that is associated with the trusted authority. The digital signature binds the identity of the receiving device to the public key to the public key of the receiving device.
  • the receiving device 200 communicates this certificate 211 to a certification verifier 120 in the check-out/check-in device 100.
  • the certification verifier 120 applies a public key associated with the trusted authority to verify a correspondence between the communicated public key and the identity and authenticity of the receiver by means of the digital signature in the certificate 211. Because only the trusted authority can be expected to provide a digital signature that can be verified by the trusted authority's public key, the proper verification of the digital signature is a certification that the receiving device 200 is an authorized recipient for protected content material.
  • the catalog controller 110 provides/checks-out the selected content material 150 to the receiving device 200, provided that the selected content material 150 has not already been checked-out to the maximum number of simultaneous receivers, based on the count parameter discussed above.
  • the catalog controller 110 will check-out the content material 150 to the receiving device 200 if and only if no other receiving device has checked-out this content material 150 and has not yet returned it.
  • the catalog controller 110 when the catalog controller 1 10 provides the copy of the content material 150 to the receiving device 200, the catalog controller 110 also issues a secure "challenge" to the receiving device, using any of a number of challenge- response protocols.
  • the challenge is an encryption of a random number 135, based on the aforementioned public key of the public-private key pair that is associated with the receiving device 200.
  • the random number 135 is provided by any number of techniques common in the art, including a pseudo-random number generator, a selection from a list, and so on.
  • the certificate 211 contains this public key, and the certification verifier 120 provides this certified public key to an encrypter 130 to effect the encryption of the random number 135.
  • the receiving device 200 stores the challenge in its memory 210, along with the associated content material 150.
  • the content material 150 is provided to the receiving device in a secure form.
  • the content material 150 may be encrypted using the aforementioned public key of the receiving device, and subsequently decrypted by the receiving device using a decrypter 230 and the receiving device's corresponding private key 212.
  • the content material 150 may be encrypted using a particular key, and this particular key is encrypted using the public key of the receiving device.
  • the receiving device 200 decrypts the encrypted key using the private key 212, and uses the decrypted key to decrypt the content material 150.
  • a security device 220 in the receiving device 200 erases the selected content material 150 from its memory 210, or otherwise terminates access to this content material 150, and communicates a "response" to the aforementioned "challenge” that was received when the content material 150 was received.
  • the decrypter 230 within the security device 220 decrypts the encrypted random number that was received, and communicates the decrypted random number to the return verifier 140 of the check-out/check-in device 100.
  • the return verifier compares the received decrypted random number to the original random number 135 to verify that the receiving device 200 is the same device that received the content material 150. Note that because the receiving device is assumed to be the only device having access to the receiving device's private key 212, and the encryption of the random number 135, and the content material 150, is based on the receiving device's public key, only the receiving device can return a decrypted random number that matches the original random number 135.
  • the catalog controller will typically contain a variety of content material that can be checked-out, and will typically check-out selected content material to a variety of receiving devices.
  • the catalog controller 110 and/or the return verifier 140 will contain a list of each checked-out content material and the random number associated with each checked-out content material, to effectively manage the check-out/check-in process.
  • each content material may have a different limit to the number of copies that may be simultaneously provided, with some content material allowing an unlimited number of simultaneous copies, and the catalog controller 110 is configured to enforce each limit as required.
  • Fig. 2 illustrates an example flow diagram of a check-out/check-in system in accordance with this invention.
  • the check-out/check-in device receives a transaction request that includes an identification of the content material, and a certificate that verifies that the receiving device is a conforming device.
  • the certificate includes the public key of a public-private key pair that is associated with the receiving device. If, at 315, the certificate is determined to be invalid, the process is aborted; otherwise, the type of transaction is determined, at 325. If the transaction is a request to check-out content material, the current count of the number of copies of the requested content material is compared to the limit of the number of simultaneous copies permitted, at 335.
  • the process is aborted. If the number of currently checked-out copies is not less than the limit, the process is aborted. If the number of currently checked-out copies is less than the limit, a challenge is generated, at 340, and the challenge and the content material are transmitted to the receiving device, at 350. The current count of the number of checked-out copies is incremented, at 360, thereby corresponding to a check-out of the content material. If, at 325, the transaction is a return/check-in of content material, the checkout/check-in device receives the response to the challenge that was given to the receiving device checked-out the content material, at 370.
  • the response is an appropriate response to the challenge, at 375, the current count of the number of checked-out copies of the content material is decremented, at 380, thereby corresponding to a "return" of the content material, and the process continues. If the response does not correspond to the challenge, at 375, the count is not decremented.
  • the process continues at 390, typically by looping back to step 310, to await another transaction request.
  • the flow 310-325 can be modified to bypass the 're-certification' of the receiving device when content material is being returned, on the assumption that only a previously certified receiving device will be able to provide an appropriate response to the challenge, at 370.

Abstract

In a limited-copy protection scheme, a check-out/check-in system is configured to a) verify that the receiving device is a certified conforming device, and b) verify that the device that checks-in content material is the same device that checked-out the content material. The verification of the receiving device is effected via a conventional certification process. The verification that the same device is used for check-in and check-out is effected via a secure challenge-response protocol. As contrast to a conventional contemporaneous challenge-response protocol, the system provides a challenge that is specific to the receiving device when the content material is checked-out, and verifies the appropriate response when the content material is checked-in. Because the challenge-response is specific to the receiving device, only the device that receives the challenge when the content material is checked-out can provide the appropriate response when the content material is checked-in.

Description

Registering copy protected material in a check-out, check-in system.
This invention relates to the field of consumer devices, and in particular to techniques for preventing or discouraging the illicit duplication of copy protected material.
Techniques are continually being proposed and developed to prevent or discourage the illicit duplication of copy-protected material, such as commercial music recordings. These techniques generally attempt to limit the number of copies that can be made from a legitimate copy of the copy-protected material. At the same time, the purchaser of this legitimate copy expects to have unlimited rights for copying this material for his or her private purposes. For example, the typical purchaser has access to multiple means for playing and recording the material, and expects to be able to play the purchased material on each of these means, without constraints.
Increasingly common in the art is the use of flash memory cards to record content material for playback on small portable devices. These flash memory cards, or similar electronic memory devices, have an advantage over conventional recording media such as discs or tapes, in that they contain no moving parts and are thus more reliable and robust. Similarly, the playback devices for these memory cards need not contain movement mechanisms and are therefore also more reliable, robust, and, in general, less expensive than conventional players. The electronic memory devices and corresponding players are also generally much smaller than conventional discs or tapes and corresponding players, and generally consume less power, further increasing their suitability for use as portable playback systems.
One method for limiting the ability to copy the content material is a "checkout/check-in" system. In this, as in other protection schemes presented herein, it is assumed that the copying and playback devices are "conforming" devices, in that they conform to the standards used to protect copy-protected material. When a copy of the material is made from a providing device to a portable medium, the conforming providing device prevents additional copies from being made until the portable medium containing the copy is returned to the providing device. That is, the check-out/check-in system provides a "one-at-a-time", or an "at-most-N-at-a-time", copy scheme to limit the number of simultaneously available copies of protected content material.
A check-out/check-in system is susceptible to a variety of attacks intended to overcome the security provided by a check-out/check-in system. The most straightforward attack is one in which a non-conforming device is used to receive the material. After receiving the material, the non-conforming device provides unlimited copies. Another attack is one in which a non- conforming device "checks-in" material that another device received. A conforming device can receive/check-out the material, the non-conforming can "check-in" the material, and another conforming device can then receive the material, because the check-out/check-in system believes that the other copy has been returned. In this manner, an unlimited number of copies can be made to conforming devices, such as the aforementioned flash memory cards.
It is an object of this invention to provide a reliable check-out/check-in system and method for limiting the number of copies of protected content material that are simultaneously available. It is a further object of this invention to provide a reliable system and method for assuring that protected content material is provided only to devices that conform to copy protection standards established for protecting the content material. It is a further object of this invention to provide a reliable system and method for assuring that the device that checks-out content material is the same device that checks-in the content material. These objects and others are achieved by a check-out/check- in system that is configured to a) verify that the receiving device is a certified conforming device, and b) verify that the device that checks-in content material is the same device that checked-out the content material. The verification of the receiving device is effected via a conventional certification process. The verification that the same device is used for check-in and check-out is effected via a secure challenge-response protocol. As contrast to a conventional contemporaneous challenge-response protocol, the system provides a unique challenge that is specific to the receiving device when the content material is checked-out, and verifies the appropriate response when the content material is checked-in. Because the challenge- response is specific to the receiving device, only the device that receives the challenge when the content material is checked-out can provide the appropriate response when the content material is checked-in. The invention is explained in further detail, and by way of example, with reference to the accompanying drawings wherein:
Fig. 1 illustrates an example block diagram of a check-out/check-in system in accordance with this invention. Fig. 2 illustrates an example flow diagram of a check-out/check-in system in accordance with this invention.
Throughout the drawings, same reference numerals indicate similar or corresponding features or functions.
This invention is based on the premise that a reliable check-in/check-out system has two fundamental requirements. Such a system requires a reliable means of verifying that the receiving device is a certified conforming-device. Otherwise, the copy provided to a potentially non-conforming device may be illicitly reproduced, thereby obviating the copy protection provided by a check-out/check-in system. Additionally, the system requires a reliable means of verifying that the checked-in material is being returned from the same certified conforming-device that initially checked-out the material. Otherwise, a non-conforming device can be used to 'check-in' material that another device, including a conforming device, received. Other security techniques, common in the art, may also be applied, for increased copy and distribution protection.
Fig. 1 illustrates an example block diagram of a check-out/check-in system in accordance with this invention. The check-out/check-in system includes a check-out/check-in device 100 and a receiving device 200. The check-out/check-in device includes a catalog controller 110 that controls access to a catalog of content material 150 to certified receiving devices. The controller 110 limits the number of copies of each content material 150 that are simultaneously available. In a preferred embodiment, the controller 110 maintains a count of the number of copies of the content material 150 that have been provided to, or "checked- out" to, certified receiving devices, and refuses to provide additional copies when a predefined limit is reached. The check-out/check-in system allows a receiving device 200 to "return", or "check-in" a copy of the content material 150, so that it can be provided to another receiving device. The receiving device 200 is presumed to be a conforming device, and a "return" of the material 150 corresponds to a termination of access to the copy of the content material 150 by the receiving device 200, and the "return" is a notification to the check-out/check-in device 100 that the receiving device 200 has terminated the access. Upon receipt of the "return" notification, the check-out/check-in device 100 decrements the count of the number of copies of the content material 150 that have been provided to receiving devices, thereby allowing another copy of the content material 150 to be provided to a certified receiving device. A conforming receiving device 200 includes a "certificate" 211 that is issued by a trusted authority to certify that the receiving device is a device that is configured to conform to standards that have been established to protect copy protected content material. This certificate 21 1 typically includes a public key of a public-private key pair that is associated with the receiving device 200, the identity of the receiving device, and a digital signature based on a private key that is associated with the trusted authority. The digital signature binds the identity of the receiving device to the public key to the public key of the receiving device. The receiving device 200 communicates this certificate 211 to a certification verifier 120 in the check-out/check-in device 100. The certification verifier 120 applies a public key associated with the trusted authority to verify a correspondence between the communicated public key and the identity and authenticity of the receiver by means of the digital signature in the certificate 211. Because only the trusted authority can be expected to provide a digital signature that can be verified by the trusted authority's public key, the proper verification of the digital signature is a certification that the receiving device 200 is an authorized recipient for protected content material. When the certificate is verified, the catalog controller 110 provides/checks-out the selected content material 150 to the receiving device 200, provided that the selected content material 150 has not already been checked-out to the maximum number of simultaneous receivers, based on the count parameter discussed above. That is, for example, if the content material 150 is limited to a single-copy-at-a-time distribution, then the catalog controller 110 will check-out the content material 150 to the receiving device 200 if and only if no other receiving device has checked-out this content material 150 and has not yet returned it.
In accordance with this invention, when the catalog controller 1 10 provides the copy of the content material 150 to the receiving device 200, the catalog controller 110 also issues a secure "challenge" to the receiving device, using any of a number of challenge- response protocols. In the example embodiment, the challenge is an encryption of a random number 135, based on the aforementioned public key of the public-private key pair that is associated with the receiving device 200. The random number 135 is provided by any number of techniques common in the art, including a pseudo-random number generator, a selection from a list, and so on. As noted above, preferably the certificate 211 contains this public key, and the certification verifier 120 provides this certified public key to an encrypter 130 to effect the encryption of the random number 135. The receiving device 200 stores the challenge in its memory 210, along with the associated content material 150. As in conventional transfer systems, the content material 150 is provided to the receiving device in a secure form. The content material 150 may be encrypted using the aforementioned public key of the receiving device, and subsequently decrypted by the receiving device using a decrypter 230 and the receiving device's corresponding private key 212. Alternatively, the content material 150 may be encrypted using a particular key, and this particular key is encrypted using the public key of the receiving device. The receiving device 200 decrypts the encrypted key using the private key 212, and uses the decrypted key to decrypt the content material 150. These and other techniques for communicating protected content material are common in the art.
When a user of the receiving device 200 decides to return/check-in the content material to the check-out/check-in device, to allow another device to receive a copy of the content material, the receiving device is placed in communication with the check-out/check- in device, and the check-in process is initiated. In accordance with this invention, when placed in a check-in state, a security device 220 in the receiving device 200 erases the selected content material 150 from its memory 210, or otherwise terminates access to this content material 150, and communicates a "response" to the aforementioned "challenge" that was received when the content material 150 was received. In the example embodiment, the decrypter 230 within the security device 220 decrypts the encrypted random number that was received, and communicates the decrypted random number to the return verifier 140 of the check-out/check-in device 100. The return verifier compares the received decrypted random number to the original random number 135 to verify that the receiving device 200 is the same device that received the content material 150. Note that because the receiving device is assumed to be the only device having access to the receiving device's private key 212, and the encryption of the random number 135, and the content material 150, is based on the receiving device's public key, only the receiving device can return a decrypted random number that matches the original random number 135.
As will be evident to one of ordinary skill in the art, the catalog controller will typically contain a variety of content material that can be checked-out, and will typically check-out selected content material to a variety of receiving devices. Not illustrated, the catalog controller 110 and/or the return verifier 140 will contain a list of each checked-out content material and the random number associated with each checked-out content material, to effectively manage the check-out/check-in process. In like manner, each content material may have a different limit to the number of copies that may be simultaneously provided, with some content material allowing an unlimited number of simultaneous copies, and the catalog controller 110 is configured to enforce each limit as required.
Fig. 2 illustrates an example flow diagram of a check-out/check-in system in accordance with this invention. At 310, the check-out/check-in device receives a transaction request that includes an identification of the content material, and a certificate that verifies that the receiving device is a conforming device. As discussed above, in a preferred embodiment, the certificate includes the public key of a public-private key pair that is associated with the receiving device. If, at 315, the certificate is determined to be invalid, the process is aborted; otherwise, the type of transaction is determined, at 325. If the transaction is a request to check-out content material, the current count of the number of copies of the requested content material is compared to the limit of the number of simultaneous copies permitted, at 335. If the number of currently checked-out copies is not less than the limit, the process is aborted. If the number of currently checked-out copies is less than the limit, a challenge is generated, at 340, and the challenge and the content material are transmitted to the receiving device, at 350. The current count of the number of checked-out copies is incremented, at 360, thereby corresponding to a check-out of the content material. If, at 325, the transaction is a return/check-in of content material, the checkout/check-in device receives the response to the challenge that was given to the receiving device checked-out the content material, at 370. If the response is an appropriate response to the challenge, at 375, the current count of the number of checked-out copies of the content material is decremented, at 380, thereby corresponding to a "return" of the content material, and the process continues. If the response does not correspond to the challenge, at 375, the count is not decremented.
After incrementing or decrementing the count, or after aborting, the process continues at 390, typically by looping back to step 310, to await another transaction request. Note that the flow 310-325 can be modified to bypass the 're-certification' of the receiving device when content material is being returned, on the assumption that only a previously certified receiving device will be able to provide an appropriate response to the challenge, at 370.
The foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements which, although not explicitly described or shown herein, embody the principles of the invention and are thus within the spirit and scope of the following claims.

Claims

CLAIMS:
1. A method for limiting simultaneous copies of content material (150), comprising: communicating (350) a copy of the content material (150) to a receiving device (200), communicating (350) a security challenge to the receiving device (200) when the copy of the content material (150) is communicated to the receiving device (200), and-
- receiving (370) a security response, based on the security challenge, from the receiving device (200) when the copy of the content material (150) is removed from the receiving device (200).
2. The method of claim 1, further including
- verifying (315) a certification (211) of the receiving device (200) before communicating the copy of the content material (150) to the receiving device (200).
3. The method of claim 1, further including - maintaining a count of the simultaneous copies of the content material (150), including: incrementing (360) the count when the copy of the content material (150) is communicated to the receiving device (200), and decrementing (380) the count when the security response is received from the receiving device (200), - wherein
- communicating (350) the copy of the content material (150) is dependent upon the count of the simultaneous copies.
4. The method of claim 1, further including: - generating (340) a random number, and
- encrypting (340) the random number via a public key of a public-private key pair that is associated with the receiving device (200) to form the security challenge, and
- wherein
- the security response includes the random number.
5. A check-out/check-in device (100) comprising:
- a catalog controller (110) that is configured to provide a limited number of simultaneous copies of content material (150) to one or more receiving devices, - an encrypter (130) that is configured to provide a security challenge to a receiving device (200) of the one or more receiving devices when the catalog controller (110) provides a copy of the content material (150) to the receiving device (200), and a return verifier (140) that is configured to: receive a security response from the receiving device (200) when the copy of the content material (150) is removed from the receiving device (200), and notify the catalog controller (110) whether the security response corresponds to an appropriate response to the security challenge.
6. The check-out/check-in device (100) of claim 5, further including a certification verifier (120) that is configured to verify a certification (211) of the receiving device (200),
- wherein
- the catalog controller (110) is further configured to provide the content material (150) in dependence upon the certification (211) of the receiving device (200).
7. The check-out check-in device (100) of claim 5, wherein
- the catalog controller (110) is further configured to maintain a count of the simultaneous copies of the content material (150), wherein, - the catalog controller (110) is configured to: increment the count when the copy of the content material (150) is communicated to the receiving device (200), and decrement the count when the security response is received from the receiving device (200), and provide the copy of the content material (150) in dependence upon the count of the simultaneous copies.
8. The check-out/check-in device (100) of claim 5, wherein - the encrypter (130) is configured to encrypt a random number via a public key of a public-private key pair that is associated with the receiving device (200) to form the security challenge, and the return verifier (140) is configured to compare the security response to the random number to determine whether the security response corresponds to the appropriate response to the security challenge.
9. A receiving device (200) that receives content material (150) and a corresponding security challenge from a check-out/check-in device (100), comprising: - a memory (210) that is configured to store the content material (150) and the corresponding security challenge, and
- a security device (220) that is configured to: erase the content material (150) from the memory (210), and communicate a security response to the check-out/check-in device (100), based on the security challenge that is associated with the content material (150).
10. The receiving device (200) of claim 9, wherein
- the security device (220) is further configured to communicate a certification (211) of the receiving device (200) to the check-out/check-in device (100) to enable the check- out/check-in device (100) to provide the content material (150) to the receiving device
(200).
11. The receiving device (200) of claim 9, wherein
- the security device (220) includes: a decrypter (230) that decrypts the security challenge via a private key (212) of a public-private key pair that is associated with the receiving device (200) to form the security response.
PCT/EP2000/003801 1999-04-30 2000-04-27 Registering copy protected material in a check-out, check-in system WO2000067256A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
DE2000626137 DE60026137T2 (en) 1999-04-30 2000-04-27 REGISTRATION OF COPY-PROOF MATERIAL IN A DEPOSIT / RESERVE SYSTEM
EP00918895A EP1092220B1 (en) 1999-04-30 2000-04-27 Registering copy protected material in a check-out, check-in system
JP2000616018A JP2003522349A (en) 1999-04-30 2000-04-27 Check-out / check-in system for registering copy-protected content materials

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US13199399P 1999-04-30 1999-04-30
US60/131,993 1999-04-30
US09/548,728 2000-04-13
US09/548,728 US7134145B1 (en) 1999-04-30 2000-04-13 Registering copy protected material in a check-out, check-in system

Publications (1)

Publication Number Publication Date
WO2000067256A1 true WO2000067256A1 (en) 2000-11-09

Family

ID=26829986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/003801 WO2000067256A1 (en) 1999-04-30 2000-04-27 Registering copy protected material in a check-out, check-in system

Country Status (7)

Country Link
US (1) US7134145B1 (en)
EP (1) EP1092220B1 (en)
JP (1) JP2003522349A (en)
KR (1) KR100721269B1 (en)
CN (1) CN1165902C (en)
DE (1) DE60026137T2 (en)
WO (1) WO2000067256A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1225564A2 (en) * 2000-12-27 2002-07-24 Pioneer Corporation Server, terminal, information processing system, and information record medium
EP1237157A2 (en) * 2001-02-16 2002-09-04 Pioneer Corporation Digital information storage system and digital information delivery system
JP2002297032A (en) * 2001-03-29 2002-10-09 Sony Corp Device and method for processing information, recording medium and program
JP2002304461A (en) * 2001-04-04 2002-10-18 Sony Corp Information processing device and method, storage medium, and program
EP1338992A1 (en) * 2000-11-24 2003-08-27 Sanyo Electric Co., Ltd. Data terminal capable of transferring ciphered content data and license acquired by software
WO2004044821A1 (en) * 2002-11-12 2004-05-27 Koninklijke Philips Electronics N.V. Creating expiring copies in a check-out/check-in system
EP1811742A2 (en) * 2006-01-11 2007-07-25 Sony Corporation System, apparatus, method and computer program for transferring content
JP2008152913A (en) * 2001-11-15 2008-07-03 Sony Music Entertainment Inc Method for controlling use and duplication of digital content distributed on removable recording media
JP2010237681A (en) * 2010-05-07 2010-10-21 Sony Corp Information processing apparatus and method, information processing system, and program
WO2015130925A1 (en) * 2014-02-26 2015-09-03 Arris Enterprises, Inc. Copy count for dtcp with an abbreviation hash used for check in copy

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001236081A (en) * 1999-11-12 2001-08-31 Sony Corp Information processor, information processing method and program storage medium
JP3778009B2 (en) * 2001-06-13 2006-05-24 ソニー株式会社 Data transfer system, data transfer device, data recording device, and data management method
JP3809779B2 (en) * 2001-06-18 2006-08-16 ソニー株式会社 Data transfer system, data transfer device, data recording device, and data transfer method
US8644969B2 (en) * 2003-01-02 2014-02-04 Catch Media, Inc. Content provisioning and revenue disbursement
US8918195B2 (en) 2003-01-02 2014-12-23 Catch Media, Inc. Media management and tracking
US8732086B2 (en) 2003-01-02 2014-05-20 Catch Media, Inc. Method and system for managing rights for digital music
US8666524B2 (en) 2003-01-02 2014-03-04 Catch Media, Inc. Portable music player and transmitter
US7600266B2 (en) * 2003-06-30 2009-10-06 Gateway, Inc. Optical jukebox with copy protection caching and methods of caching copy protected data
CN100447701C (en) * 2005-04-19 2008-12-31 騋扬科技股份有限公司 Applied software file storing method
CN100581239C (en) * 2006-01-11 2010-01-13 索尼株式会社 Content transmission system, device and method
US8689247B2 (en) * 2008-04-04 2014-04-01 Qualcomm Incorporated Systems and methods for distributing and redeeming credits on a broadcast system
DE102010044687A1 (en) * 2010-09-08 2012-03-08 Giesecke & Devrient Gmbh Portable data carrier with misoperation counter
CN110688519B (en) * 2019-09-30 2022-07-15 腾讯音乐娱乐科技(深圳)有限公司 Method, device, system, equipment and storage medium for playing media data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0462918A2 (en) * 1990-06-21 1991-12-27 International Business Machines Corporation A method and system of document processing in a data processing environment
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
JPH10111797A (en) * 1996-10-08 1998-04-28 Nec Corp Network license management system
JPH10149283A (en) * 1996-09-20 1998-06-02 Fujitsu Ltd Information processor, replaceable storage medium, license issue system, and license issuing and moving method
GB2343025A (en) * 1998-10-23 2000-04-26 Ibm License management system

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0246823A3 (en) * 1986-05-22 1989-10-04 Racal-Guardata Limited Data communication systems and methods
DE59407042D1 (en) 1993-08-24 1998-11-12 Landis & Gyr Tech Innovat Method for programming a storage medium and device for performing the method
US5495411A (en) * 1993-12-22 1996-02-27 Ananda; Mohan Secure software rental system using continuous asynchronous password verification
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5787175A (en) 1995-10-23 1998-07-28 Novell, Inc. Method and apparatus for collaborative document control
GB9608696D0 (en) * 1996-04-26 1996-07-03 Europ Computer Ind Res Electronic copy protection mechanism
US5926624A (en) 1996-09-12 1999-07-20 Audible, Inc. Digital information library and delivery system with logic for generating files targeted to the playback device
US5754763A (en) * 1996-10-01 1998-05-19 International Business Machines Corporation Software auditing mechanism for a distributed computer enterprise environment
DK2997A (en) 1997-01-09 1997-01-14 Hans Jessen Procedure for preventing unauthorized use of computer program
US6173400B1 (en) * 1998-07-31 2001-01-09 Sun Microsystems, Inc. Methods and systems for establishing a shared secret using an authentication token
JP5390297B2 (en) * 2009-01-15 2014-01-15 住友電気工業株式会社 Superconducting cable connection and superconducting cable line using the same

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
EP0462918A2 (en) * 1990-06-21 1991-12-27 International Business Machines Corporation A method and system of document processing in a data processing environment
JPH10149283A (en) * 1996-09-20 1998-06-02 Fujitsu Ltd Information processor, replaceable storage medium, license issue system, and license issuing and moving method
JPH10111797A (en) * 1996-10-08 1998-04-28 Nec Corp Network license management system
GB2343025A (en) * 1998-10-23 2000-04-26 Ibm License management system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PATENT ABSTRACTS OF JAPAN vol. 1998, no. 09 31 July 1998 (1998-07-31) *
PATENT ABSTRACTS OF JAPAN vol. 1998, no. 11 30 September 1998 (1998-09-30) *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1338992A1 (en) * 2000-11-24 2003-08-27 Sanyo Electric Co., Ltd. Data terminal capable of transferring ciphered content data and license acquired by software
EP1338992A4 (en) * 2000-11-24 2008-02-06 Sanyo Electric Co Data terminal capable of transferring ciphered content data and license acquired by software
EP1225564A2 (en) * 2000-12-27 2002-07-24 Pioneer Corporation Server, terminal, information processing system, and information record medium
EP1225564A3 (en) * 2000-12-27 2004-03-17 Pioneer Corporation Server, terminal, information processing system, and information record medium
EP1489610A3 (en) * 2001-02-16 2007-12-12 Pioneer Corporation Digital information storage system and digital information delivery system
EP1237157A2 (en) * 2001-02-16 2002-09-04 Pioneer Corporation Digital information storage system and digital information delivery system
EP1237157A3 (en) * 2001-02-16 2003-01-02 Pioneer Corporation Digital information storage system and digital information delivery system
EP1489610A2 (en) * 2001-02-16 2004-12-22 Pioneer Corporation Digital information storage system and digital information delivery system
JP2002297032A (en) * 2001-03-29 2002-10-09 Sony Corp Device and method for processing information, recording medium and program
JP2002304461A (en) * 2001-04-04 2002-10-18 Sony Corp Information processing device and method, storage medium, and program
US7533180B2 (en) 2001-04-04 2009-05-12 Sony Corporation Information-processing device, information-processing method, recording medium, and program
US7584288B2 (en) 2001-04-04 2009-09-01 Sony Corporation Information-processing device, information-processing method, recording medium, and program
JP2008152913A (en) * 2001-11-15 2008-07-03 Sony Music Entertainment Inc Method for controlling use and duplication of digital content distributed on removable recording media
WO2004044821A1 (en) * 2002-11-12 2004-05-27 Koninklijke Philips Electronics N.V. Creating expiring copies in a check-out/check-in system
EP1811742A2 (en) * 2006-01-11 2007-07-25 Sony Corporation System, apparatus, method and computer program for transferring content
EP1811742A3 (en) * 2006-01-11 2011-06-08 Sony Corporation System, apparatus, method and computer program for transferring content
US8074290B2 (en) 2006-01-11 2011-12-06 Sony Corporation System, apparatus, method and computer program for transferring content
US9083681B2 (en) 2006-01-11 2015-07-14 Sony Corporation System, apparatus, method and computer program for transferring content
JP2010237681A (en) * 2010-05-07 2010-10-21 Sony Corp Information processing apparatus and method, information processing system, and program
WO2015130925A1 (en) * 2014-02-26 2015-09-03 Arris Enterprises, Inc. Copy count for dtcp with an abbreviation hash used for check in copy

Also Published As

Publication number Publication date
US7134145B1 (en) 2006-11-07
CN1165902C (en) 2004-09-08
KR20010053344A (en) 2001-06-25
JP2003522349A (en) 2003-07-22
EP1092220A1 (en) 2001-04-18
EP1092220B1 (en) 2006-02-22
CN1302436A (en) 2001-07-04
DE60026137T2 (en) 2006-11-16
DE60026137D1 (en) 2006-04-27
KR100721269B1 (en) 2007-05-25

Similar Documents

Publication Publication Date Title
US7134145B1 (en) Registering copy protected material in a check-out, check-in system
EP1067447B1 (en) Storage medium for contents protection
US6898706B1 (en) License-based cryptographic technique, particularly suited for use in a digital rights management system, for controlling access and use of bore resistant software objects in a client computer
EP1579621B1 (en) Domain-based digital-rights management system with easy and secure device enrollment
KR101315076B1 (en) Method for redistributing dram protected content
US6801999B1 (en) Passive and active software objects containing bore resistant watermarking
US7689791B2 (en) Protection of content stored on portable memory from unauthorized usage
US6550011B1 (en) Media content protection utilizing public key cryptography
TW522336B (en) Work management method and work management device
US7653946B2 (en) Method and system for secure distribution of digital documents
US20030046568A1 (en) Media protection system and method and hardware decryption module used therein
JP2000347946A (en) Method and device for preventing illegal use of multimedia contents
JP2000503154A (en) System for controlling access and distribution of digital ownership
JP2006504176A (en) Method and apparatus for permitting content operation
EP1556750A2 (en) Digital-rights management system
WO2000004549A2 (en) Copy protection by ticket encryption
KR20010087366A (en) Updating a revocation list to foil an adversary
JP3788572B2 (en) Rental content distribution system and method
JP2004312717A (en) Data protection management apparatus and data protection management method
JP2006520151A (en) Authorized copy guarantee

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 00800740.3

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): CN JP KR

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 2000918895

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020007015112

Country of ref document: KR

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 2000918895

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020007015112

Country of ref document: KR

WWG Wipo information: grant in national office

Ref document number: 2000918895

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1020007015112

Country of ref document: KR